Cisco Systems 10000 Network Router User Manual


 
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 12 Configuring Traffic Filtering
Time-Based ACLs
Example 12-2 creates a periodic time range named no-http that specifies Monday through Friday from
8:00 a.m. to 6:00 p.m.
Example 12-2 Configuring a Time Range
Router(config)# time-range no-http
Router(config-time-range)# periodic weekdays 8:00 to 18:00
Example 12-3 creates a time range named http that specifies both periodic and absolute values. During
ACL processing, the router assumes that the time period begins right now because the absolute
command does not specify a start value. The router then evaluates the periodic value, which indicates
that the time period is restricted to Monday through Wednesday from 8:00 a.m. to 7:00 p.m. The time
period ends on February 6 at 11:59 p.m.
Example 12-3 Configuring a Time Range with Periodic and Absolute Entries
Router(config)# time-range http
Router(config-t-range)# periodic monday 8:00 to wednesday 19:00
Router(config-t-range)# absolute end 23:59 6 February 2000
Applying a Time Range to a Numbered Access Control List
To apply a time range to the access control entries (ACEs) of a numbered extended access control list
(ACL), enter the following commands beginning in global configuration mode:
Step 1
Command: Router(config)# access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] time-range time-range-name [fragments]
Purpose: Defines a numbered extended IP access control list (ACL). The time-range time-range-name argument specifies the name of the time range to apply to the ACE.
Note: In Cisco IOS Release 12.3(7)XI1, the time-range argument is required.
For more information about the access-list command, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release 12.3.

Step 2
Command: Router(config)# interface type number slot/module/port.subinterface
Purpose: Configures an interface and enters interface configuration mode.

Step 3
Command: Router(config-if)# ip access-group {access-list-number | access-list-name} {in | out}
Purpose: Controls access to an interface.

Example 12-4 permits SMTP traffic to access the mail host (128.88.1.2) on Monday through Sunday
between the hours of 5:00 a.m. and 11:59 p.m., if the traffic belongs to an already established connection.
The example creates the time range named smtp and applies it to the ACE of the extended access list
numbered 102. The time-based ACL is then applied to the ingress serial 0 interface.
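
The SMTP scenario described for Example 12-4, written out as one configuration session that follows Steps 1 through 3 and then checks the result. This is an added example, not text from the Cisco guide; the `any` source, the `periodic daily` form of the time range, and the verification commands at the end are assumptions chosen to match the description.

```cisco
! Added example, constructed from the Example 12-4 description.
! Time range "smtp": every day of the week, 5:00 a.m. to 11:59 p.m.
Router(config)# time-range smtp
Router(config-time-range)# periodic daily 5:00 to 23:59
Router(config-time-range)# exit
!
! Step 1: numbered extended ACL 102. The ACE permits TCP to the mail host
! on the SMTP port only for already established connections, and only
! while the time range "smtp" is active. Source "any" is an assumption.
Router(config)# access-list 102 permit tcp any host 128.88.1.2 eq smtp established time-range smtp
!
! Step 2: enter interface configuration mode for the ingress interface.
Router(config)# interface serial 0
!
! Step 3: apply ACL 102 to traffic arriving on the interface.
Router(config-if)# ip access-group 102 in
Router(config-if)# end
!
! Verification (assumed follow-up, not part of the three steps):
! check the clock the time range is evaluated against, then the state
! of the time range and of the ACE that references it.
Router# show clock
Router# show time-range
Router# show access-lists 102
```

Time ranges are evaluated against the router's system clock, so confirm the clock is correct before relying on the filter. Because ACL 102 holds only this one permit entry, all other inbound traffic on the interface falls through to the implicit deny, as does SMTP traffic outside the time range.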